search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
spoolss: add SPOOLSS_DRIVER_VERSION_2012 (4) define to IDL.
[Samba/vl.git] / source4 / libcli / ldap / ldap_client.c
blob7c8bb0304c927049f34b117e73917fd0b36ff8a5
1 /*
2 Unix SMB/CIFS mplementation.
3 LDAP protocol helper functions for SAMBA
4
5 Copyright (C) Andrew Tridgell 2004
6 Copyright (C) Volker Lendecke 2004
7 Copyright (C) Stefan Metzmacher 2004
8 Copyright (C) Simo Sorce 2004
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22
23 */
24
25 #include "includes.h"
26 #include <tevent.h>
27 #include "lib/socket/socket.h"
28 #include "../lib/util/asn1.h"
29 #include "../lib/util/dlinklist.h"
30 #include "libcli/ldap/libcli_ldap.h"
31 #include "libcli/ldap/ldap_proto.h"
32 #include "libcli/ldap/ldap_client.h"
33 #include "libcli/composite/composite.h"
34 #include "lib/stream/packet.h"
35 #include "lib/tls/tls.h"
36 #include "auth/gensec/gensec.h"
37 #include "system/time.h"
38 #include "param/param.h"
39 #include "libcli/resolve/resolve.h"
40
41 /**
42 create a new ldap_connection stucture. The event context is optional
43 */
44 _PUBLIC_ struct ldap_connection *ldap4_new_connection(TALLOC_CTX *mem_ctx,
45 struct loadparm_context *lp_ctx,
46 struct tevent_context *ev)
47 {
48 struct ldap_connection *conn;
49
50 if (ev == NULL) {
51 return NULL;
52 }
53
54 conn = talloc_zero(mem_ctx, struct ldap_connection);
55 if (conn == NULL) {
56 return NULL;
57 }
58
59 conn->next_messageid = 1;
60 conn->event.event_ctx = ev;
61
62 conn->lp_ctx = lp_ctx;
63
64 /* set a reasonable request timeout */
65 conn->timeout = 60;
66
67 /* explicitly avoid reconnections by default */
68 conn->reconnect.max_retries = 0;
69
70 return conn;
71 }
72
73 /*
74 the connection is dead
75 */
76 static void ldap_connection_dead(struct ldap_connection *conn)
77 {
78 struct ldap_request *req;
79
80 talloc_free(conn->sock); /* this will also free event.fde */
81 talloc_free(conn->packet);
82 conn->sock = NULL;
83 conn->event.fde = NULL;
84 conn->packet = NULL;
85
86 /* return an error for any pending request ... */
87 while (conn->pending) {
88 req = conn->pending;
89 DLIST_REMOVE(req->conn->pending, req);
90 req->state = LDAP_REQUEST_DONE;
91 req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
92 if (req->async.fn) {
93 req->async.fn(req);
94 }
95 }
96 }
97
98 static void ldap_reconnect(struct ldap_connection *conn);
99
100 /*
101 handle packet errors
102 */
103 static void ldap_error_handler(void *private_data, NTSTATUS status)
104 {
105 struct ldap_connection *conn = talloc_get_type(private_data,
106 struct ldap_connection);
107 ldap_connection_dead(conn);
108
109 /* but try to reconnect so that the ldb client can go on */
110 ldap_reconnect(conn);
111 }
112
113
114 /*
115 match up with a pending message, adding to the replies list
116 */
117 static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
118 {
119 struct ldap_request *req;
120 int i;
121
122 for (req=conn->pending; req; req=req->next) {
123 if (req->messageid == msg->messageid) break;
124 }
125 /* match a zero message id to the last request sent.
126 It seems that servers send 0 if unable to parse */
127 if (req == NULL && msg->messageid == 0) {
128 req = conn->pending;
129 }
130 if (req == NULL) {
131 DEBUG(0,("ldap: no matching message id for %u\n",
132 msg->messageid));
133 talloc_free(msg);
134 return;
135 }
136
137 /* Check for undecoded critical extensions */
138 for (i=0; msg->controls && msg->controls[i]; i++) {
139 if (!msg->controls_decoded[i] &&
140 msg->controls[i]->critical) {
141 req->status = NT_STATUS_LDAP(LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
142 req->state = LDAP_REQUEST_DONE;
143 DLIST_REMOVE(conn->pending, req);
144 if (req->async.fn) {
145 req->async.fn(req);
146 }
147 return;
148 }
149 }
150
151 /* add to the list of replies received */
152 talloc_steal(req, msg);
153 req->replies = talloc_realloc(req, req->replies,
154 struct ldap_message *, req->num_replies+1);
155 if (req->replies == NULL) {
156 req->status = NT_STATUS_NO_MEMORY;
157 req->state = LDAP_REQUEST_DONE;
158 DLIST_REMOVE(conn->pending, req);
159 if (req->async.fn) {
160 req->async.fn(req);
161 }
162 return;
163 }
164
165 req->replies[req->num_replies] = talloc_steal(req->replies, msg);
166 req->num_replies++;
167
168 if (msg->type != LDAP_TAG_SearchResultEntry &&
169 msg->type != LDAP_TAG_SearchResultReference) {
170 /* currently only search results expect multiple
171 replies */
172 req->state = LDAP_REQUEST_DONE;
173 DLIST_REMOVE(conn->pending, req);
174 }
175
176 if (req->async.fn) {
177 req->async.fn(req);
178 }
179 }
180
181
182 /*
183 decode/process LDAP data
184 */
185 static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob)
186 {
187 NTSTATUS status;
188 struct ldap_connection *conn = talloc_get_type(private_data,
189 struct ldap_connection);
190 struct ldap_message *msg = talloc(conn, struct ldap_message);
191 struct asn1_data *asn1 = asn1_init(conn);
192
193 if (asn1 == NULL || msg == NULL) {
194 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
195 }
196
197 if (!asn1_load(asn1, blob)) {
198 talloc_free(msg);
199 talloc_free(asn1);
200 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
201 }
202
203 status = ldap_decode(asn1, samba_ldap_control_handlers(), msg);
204 if (!NT_STATUS_IS_OK(status)) {
205 asn1_free(asn1);
206 return status;
207 }
208
209 ldap_match_message(conn, msg);
210
211 data_blob_free(&blob);
212 asn1_free(asn1);
213 return NT_STATUS_OK;
214 }
215
216 /* Handle read events, from the GENSEC socket callback, or real events */
217 void ldap_read_io_handler(void *private_data, uint16_t flags)
218 {
219 struct ldap_connection *conn = talloc_get_type(private_data,
220 struct ldap_connection);
221 packet_recv(conn->packet);
222 }
223
224 /*
225 handle ldap socket events
226 */
227 static void ldap_io_handler(struct tevent_context *ev, struct tevent_fd *fde,
228 uint16_t flags, void *private_data)
229 {
230 struct ldap_connection *conn = talloc_get_type(private_data,
231 struct ldap_connection);
232 if (flags & TEVENT_FD_WRITE) {
233 packet_queue_run(conn->packet);
234 if (!tls_enabled(conn->sock)) return;
235 }
236 if (flags & TEVENT_FD_READ) {
237 ldap_read_io_handler(private_data, flags);
238 }
239 }
240
241 /*
242 parse a ldap URL
243 */
244 static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
245 char **host, uint16_t *port, bool *ldaps)
246 {
247 int tmp_port = 0;
248 char protocol[11];
249 char tmp_host[1025];
250 int ret;
251
252 /* Paranoia check */
253 SMB_ASSERT(sizeof(protocol)>10 && sizeof(tmp_host)>254);
254
255 ret = sscanf(url, "%10[^:]://%254[^:/]:%d", protocol, tmp_host, &tmp_port);
256 if (ret < 2) {
257 return NT_STATUS_INVALID_PARAMETER;
258 }
259
260 if (strequal(protocol, "ldap")) {
261 *port = 389;
262 *ldaps = false;
263 } else if (strequal(protocol, "ldaps")) {
264 *port = 636;
265 *ldaps = true;
266 } else {
267 DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol));
268 return NT_STATUS_PROTOCOL_UNREACHABLE;
269 }
270
271 if (tmp_port != 0)
272 *port = tmp_port;
273
274 *host = talloc_strdup(mem_ctx, tmp_host);
275 NT_STATUS_HAVE_NO_MEMORY(*host);
276
277 return NT_STATUS_OK;
278 }
279
280 /*
281 connect to a ldap server
282 */
283
284 struct ldap_connect_state {
285 struct composite_context *ctx;
286 struct ldap_connection *conn;
287 };
288
289 static void ldap_connect_recv_unix_conn(struct composite_context *ctx);
290 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx);
291
292 _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
293 const char *url)
294 {
295 struct composite_context *result, *ctx;
296 struct ldap_connect_state *state;
297 char protocol[11];
298 int ret;
299
300 result = talloc_zero(conn, struct composite_context);
301 if (result == NULL) goto failed;
302 result->state = COMPOSITE_STATE_IN_PROGRESS;
303 result->async.fn = NULL;
304 result->event_ctx = conn->event.event_ctx;
305
306 state = talloc(result, struct ldap_connect_state);
307 if (state == NULL) goto failed;
308 state->ctx = result;
309 result->private_data = state;
310
311 state->conn = conn;
312
313 if (conn->reconnect.url == NULL) {
314 conn->reconnect.url = talloc_strdup(conn, url);
315 if (conn->reconnect.url == NULL) goto failed;
316 }
317
318 /* Paranoia check */
319 SMB_ASSERT(sizeof(protocol)>10);
320
321 ret = sscanf(url, "%10[^:]://", protocol);
322 if (ret < 1) {
323 return NULL;
324 }
325
326 if (strequal(protocol, "ldapi")) {
327 struct socket_address *unix_addr;
328 char path[1025];
329
330 NTSTATUS status = socket_create("unix", SOCKET_TYPE_STREAM, &conn->sock, 0);
331 if (!NT_STATUS_IS_OK(status)) {
332 return NULL;
333 }
334 talloc_steal(conn, conn->sock);
335 SMB_ASSERT(sizeof(protocol)>10);
336 SMB_ASSERT(sizeof(path)>1024);
337
338 /* LDAPI connections are to localhost, so give the
339 * local host name as the target for gensec's
340 * DIGEST-MD5 mechanism */
341 conn->host = talloc_asprintf(conn, "%s.%s",
342 lpcfg_netbios_name(conn->lp_ctx),
343 lpcfg_dnsdomain(conn->lp_ctx));
344 if (composite_nomem(conn->host, state->ctx)) {
345 return result;
346 }
347
348 /* The %c specifier doesn't null terminate :-( */
349 ZERO_STRUCT(path);
350 ret = sscanf(url, "%10[^:]://%1025c", protocol, path);
351 if (ret < 2) {
352 composite_error(state->ctx, NT_STATUS_INVALID_PARAMETER);
353 return result;
354 }
355
356 rfc1738_unescape(path);
357
358 unix_addr = socket_address_from_strings(conn, conn->sock->backend_name,
359 path, 0);
360 if (!unix_addr) {
361 return NULL;
362 }
363
364 ctx = socket_connect_send(conn->sock, NULL, unix_addr,
365 0, conn->event.event_ctx);
366 ctx->async.fn = ldap_connect_recv_unix_conn;
367 ctx->async.private_data = state;
368 return result;
369 } else {
370 NTSTATUS status = ldap_parse_basic_url(conn, url, &conn->host,
371 &conn->port, &conn->ldaps);
372 if (!NT_STATUS_IS_OK(state->ctx->status)) {
373 composite_error(state->ctx, status);
374 return result;
375 }
376
377 ctx = socket_connect_multi_send(state, conn->host, 1, &conn->port,
378 lpcfg_resolve_context(conn->lp_ctx), conn->event.event_ctx);
379 if (ctx == NULL) goto failed;
380
381 ctx->async.fn = ldap_connect_recv_tcp_conn;
382 ctx->async.private_data = state;
383 return result;
384 }
385 failed:
386 talloc_free(result);
387 return NULL;
388 }
389
390 static void ldap_connect_got_sock(struct composite_context *ctx,
391 struct ldap_connection *conn)
392 {
393 /* setup a handler for events on this socket */
394 conn->event.fde = tevent_add_fd(conn->event.event_ctx, conn->sock,
395 socket_get_fd(conn->sock),
396 TEVENT_FD_READ, ldap_io_handler, conn);
397 if (conn->event.fde == NULL) {
398 composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
399 return;
400 }
401
402 tevent_fd_set_close_fn(conn->event.fde, socket_tevent_fd_close_fn);
403 socket_set_flags(conn->sock, SOCKET_FLAG_NOCLOSE);
404
405 talloc_steal(conn, conn->sock);
406 if (conn->ldaps) {
407 struct socket_context *tls_socket;
408 char *cafile = lpcfg_tls_cafile(conn->sock, conn->lp_ctx);
409
410 if (!cafile || !*cafile) {
411 talloc_free(conn->sock);
412 return;
413 }
414
415 tls_socket = tls_init_client(conn->sock, conn->event.fde, cafile);
416 talloc_free(cafile);
417
418 if (tls_socket == NULL) {
419 talloc_free(conn->sock);
420 return;
421 }
422
423 conn->sock = talloc_steal(conn, tls_socket);
424 }
425
426 conn->packet = packet_init(conn);
427 if (conn->packet == NULL) {
428 talloc_free(conn->sock);
429 return;
430 }
431
432 packet_set_private(conn->packet, conn);
433 packet_set_socket(conn->packet, conn->sock);
434 packet_set_callback(conn->packet, ldap_recv_handler);
435 packet_set_full_request(conn->packet, ldap_full_packet);
436 packet_set_error_handler(conn->packet, ldap_error_handler);
437 packet_set_event_context(conn->packet, conn->event.event_ctx);
438 packet_set_fde(conn->packet, conn->event.fde);
439 /* packet_set_serialise(conn->packet); */
440
441 if (conn->ldaps) {
442 packet_set_unreliable_select(conn->packet);
443 }
444
445 composite_done(ctx);
446 }
447
448 static void ldap_connect_recv_tcp_conn(struct composite_context *ctx)
449 {
450 struct ldap_connect_state *state =
451 talloc_get_type(ctx->async.private_data,
452 struct ldap_connect_state);
453 struct ldap_connection *conn = state->conn;
454 uint16_t port;
455 NTSTATUS status = socket_connect_multi_recv(ctx, state, &conn->sock,
456 &port);
457 if (!NT_STATUS_IS_OK(status)) {
458 composite_error(state->ctx, status);
459 return;
460 }
461
462 ldap_connect_got_sock(state->ctx, conn);
463 }
464
465 static void ldap_connect_recv_unix_conn(struct composite_context *ctx)
466 {
467 struct ldap_connect_state *state =
468 talloc_get_type(ctx->async.private_data,
469 struct ldap_connect_state);
470 struct ldap_connection *conn = state->conn;
471
472 NTSTATUS status = socket_connect_recv(ctx);
473
474 if (!NT_STATUS_IS_OK(state->ctx->status)) {
475 composite_error(state->ctx, status);
476 return;
477 }
478
479 ldap_connect_got_sock(state->ctx, conn);
480 }
481
482 _PUBLIC_ NTSTATUS ldap_connect_recv(struct composite_context *ctx)
483 {
484 NTSTATUS status = composite_wait(ctx);
485 talloc_free(ctx);
486 return status;
487 }
488
489 _PUBLIC_ NTSTATUS ldap_connect(struct ldap_connection *conn, const char *url)
490 {
491 struct composite_context *ctx = ldap_connect_send(conn, url);
492 return ldap_connect_recv(ctx);
493 }
494
495 /* set reconnect parameters */
496
497 _PUBLIC_ void ldap_set_reconn_params(struct ldap_connection *conn, int max_retries)
498 {
499 if (conn) {
500 conn->reconnect.max_retries = max_retries;
501 conn->reconnect.retries = 0;
502 conn->reconnect.previous = time_mono(NULL);
503 }
504 }
505
506 /* Actually this function is NOT ASYNC safe, FIXME? */
507 static void ldap_reconnect(struct ldap_connection *conn)
508 {
509 NTSTATUS status;
510 time_t now = time_mono(NULL);
511
512 /* do we have set up reconnect ? */
513 if (conn->reconnect.max_retries == 0) return;
514
515 /* is the retry time expired ? */
516 if (now > conn->reconnect.previous + 30) {
517 conn->reconnect.retries = 0;
518 conn->reconnect.previous = now;
519 }
520
521 /* are we reconnectind too often and too fast? */
522 if (conn->reconnect.retries > conn->reconnect.max_retries) return;
523
524 /* keep track of the number of reconnections */
525 conn->reconnect.retries++;
526
527 /* reconnect */
528 status = ldap_connect(conn, conn->reconnect.url);
529 if ( ! NT_STATUS_IS_OK(status)) {
530 return;
531 }
532
533 /* rebind */
534 status = ldap_rebind(conn);
535 if ( ! NT_STATUS_IS_OK(status)) {
536 ldap_connection_dead(conn);
537 }
538 }
539
540 /* destroy an open ldap request */
541 static int ldap_request_destructor(struct ldap_request *req)
542 {
543 if (req->state == LDAP_REQUEST_PENDING) {
544 DLIST_REMOVE(req->conn->pending, req);
545 }
546 return 0;
547 }
548
549 /*
550 called on timeout of a ldap request
551 */
552 static void ldap_request_timeout(struct tevent_context *ev, struct tevent_timer *te,
553 struct timeval t, void *private_data)
554 {
555 struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
556 req->status = NT_STATUS_IO_TIMEOUT;
557 if (req->state == LDAP_REQUEST_PENDING) {
558 DLIST_REMOVE(req->conn->pending, req);
559 }
560 req->state = LDAP_REQUEST_DONE;
561 if (req->async.fn) {
562 req->async.fn(req);
563 }
564 }
565
566
567 /*
568 called on completion of a failed ldap request
569 */
570 static void ldap_request_failed_complete(struct tevent_context *ev, struct tevent_timer *te,
571 struct timeval t, void *private_data)
572 {
573 struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
574 if (req->async.fn) {
575 req->async.fn(req);
576 }
577 }
578
579 /*
580 called on completion of a one-way ldap request
581 */
582 static void ldap_request_oneway_complete(void *private_data)
583 {
584 struct ldap_request *req = talloc_get_type(private_data, struct ldap_request);
585 if (req->state == LDAP_REQUEST_PENDING) {
586 DLIST_REMOVE(req->conn->pending, req);
587 }
588 req->state = LDAP_REQUEST_DONE;
589 if (req->async.fn) {
590 req->async.fn(req);
591 }
592 }
593 /*
594 send a ldap message - async interface
595 */
596 _PUBLIC_ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
597 struct ldap_message *msg)
598 {
599 struct ldap_request *req;
600 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
601 packet_send_callback_fn_t send_callback = NULL;
602
603 req = talloc_zero(conn, struct ldap_request);
604 if (req == NULL) return NULL;
605
606 if (conn->sock == NULL) {
607 status = NT_STATUS_INVALID_CONNECTION;
608 goto failed;
609 }
610
611 req->state = LDAP_REQUEST_SEND;
612 req->conn = conn;
613 req->messageid = conn->next_messageid++;
614 if (conn->next_messageid == 0) {
615 conn->next_messageid = 1;
616 }
617 req->type = msg->type;
618 if (req->messageid == -1) {
619 goto failed;
620 }
621
622 talloc_set_destructor(req, ldap_request_destructor);
623
624 msg->messageid = req->messageid;
625
626 if (!ldap_encode(msg, samba_ldap_control_handlers(), &req->data, req)) {
627 status = NT_STATUS_INTERNAL_ERROR;
628 goto failed;
629 }
630
631 if (req->type == LDAP_TAG_AbandonRequest ||
632 req->type == LDAP_TAG_UnbindRequest) {
633 send_callback = ldap_request_oneway_complete;
634 }
635
636 status = packet_send_callback(conn->packet, req->data,
637 send_callback, req);
638 if (!NT_STATUS_IS_OK(status)) {
639 goto failed;
640 }
641
642 req->state = LDAP_REQUEST_PENDING;
643 DLIST_ADD(conn->pending, req);
644
645 /* put a timeout on the request */
646 req->time_event = tevent_add_timer(conn->event.event_ctx, req,
647 timeval_current_ofs(conn->timeout, 0),
648 ldap_request_timeout, req);
649
650 return req;
651
652 failed:
653 req->status = status;
654 req->state = LDAP_REQUEST_ERROR;
655 tevent_add_timer(conn->event.event_ctx, req, timeval_zero(),
656 ldap_request_failed_complete, req);
657
658 return req;
659 }
660
661
662 /*
663 wait for a request to complete
664 note that this does not destroy the request
665 */
666 _PUBLIC_ NTSTATUS ldap_request_wait(struct ldap_request *req)
667 {
668 while (req->state < LDAP_REQUEST_DONE) {
669 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
670 req->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
671 break;
672 }
673 }
674 return req->status;
675 }
676
677
678 /*
679 a mapping of ldap response code to strings
680 */
681 static const struct {
682 enum ldap_result_code code;
683 const char *str;
684 } ldap_code_map[] = {
685 #define _LDAP_MAP_CODE(c) { c, #c }
686 _LDAP_MAP_CODE(LDAP_SUCCESS),
687 _LDAP_MAP_CODE(LDAP_OPERATIONS_ERROR),
688 _LDAP_MAP_CODE(LDAP_PROTOCOL_ERROR),
689 _LDAP_MAP_CODE(LDAP_TIME_LIMIT_EXCEEDED),
690 _LDAP_MAP_CODE(LDAP_SIZE_LIMIT_EXCEEDED),
691 _LDAP_MAP_CODE(LDAP_COMPARE_FALSE),
692 _LDAP_MAP_CODE(LDAP_COMPARE_TRUE),
693 _LDAP_MAP_CODE(LDAP_AUTH_METHOD_NOT_SUPPORTED),
694 _LDAP_MAP_CODE(LDAP_STRONG_AUTH_REQUIRED),
695 _LDAP_MAP_CODE(LDAP_REFERRAL),
696 _LDAP_MAP_CODE(LDAP_ADMIN_LIMIT_EXCEEDED),
697 _LDAP_MAP_CODE(LDAP_UNAVAILABLE_CRITICAL_EXTENSION),
698 _LDAP_MAP_CODE(LDAP_CONFIDENTIALITY_REQUIRED),
699 _LDAP_MAP_CODE(LDAP_SASL_BIND_IN_PROGRESS),
700 _LDAP_MAP_CODE(LDAP_NO_SUCH_ATTRIBUTE),
701 _LDAP_MAP_CODE(LDAP_UNDEFINED_ATTRIBUTE_TYPE),
702 _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_MATCHING),
703 _LDAP_MAP_CODE(LDAP_CONSTRAINT_VIOLATION),
704 _LDAP_MAP_CODE(LDAP_ATTRIBUTE_OR_VALUE_EXISTS),
705 _LDAP_MAP_CODE(LDAP_INVALID_ATTRIBUTE_SYNTAX),
706 _LDAP_MAP_CODE(LDAP_NO_SUCH_OBJECT),
707 _LDAP_MAP_CODE(LDAP_ALIAS_PROBLEM),
708 _LDAP_MAP_CODE(LDAP_INVALID_DN_SYNTAX),
709 _LDAP_MAP_CODE(LDAP_ALIAS_DEREFERENCING_PROBLEM),
710 _LDAP_MAP_CODE(LDAP_INAPPROPRIATE_AUTHENTICATION),
711 _LDAP_MAP_CODE(LDAP_INVALID_CREDENTIALS),
712 _LDAP_MAP_CODE(LDAP_INSUFFICIENT_ACCESS_RIGHTS),
713 _LDAP_MAP_CODE(LDAP_BUSY),
714 _LDAP_MAP_CODE(LDAP_UNAVAILABLE),
715 _LDAP_MAP_CODE(LDAP_UNWILLING_TO_PERFORM),
716 _LDAP_MAP_CODE(LDAP_LOOP_DETECT),
717 _LDAP_MAP_CODE(LDAP_NAMING_VIOLATION),
718 _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_VIOLATION),
719 _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_NON_LEAF),
720 _LDAP_MAP_CODE(LDAP_NOT_ALLOWED_ON_RDN),
721 _LDAP_MAP_CODE(LDAP_ENTRY_ALREADY_EXISTS),
722 _LDAP_MAP_CODE(LDAP_OBJECT_CLASS_MODS_PROHIBITED),
723 _LDAP_MAP_CODE(LDAP_AFFECTS_MULTIPLE_DSAS),
724 _LDAP_MAP_CODE(LDAP_OTHER)
725 };
726
727 /*
728 used to setup the status code from a ldap response
729 */
730 _PUBLIC_ NTSTATUS ldap_check_response(struct ldap_connection *conn, struct ldap_Result *r)
731 {
732 int i;
733 const char *codename = "unknown";
734
735 if (r->resultcode == LDAP_SUCCESS) {
736 return NT_STATUS_OK;
737 }
738
739 if (conn->last_error) {
740 talloc_free(conn->last_error);
741 }
742
743 for (i=0;i<ARRAY_SIZE(ldap_code_map);i++) {
744 if (r->resultcode == ldap_code_map[i].code) {
745 codename = ldap_code_map[i].str;
746 break;
747 }
748 }
749
750 conn->last_error = talloc_asprintf(conn, "LDAP error %u %s - %s <%s> <%s>",
751 r->resultcode,
752 codename,
753 r->dn?r->dn:"(NULL)",
754 r->errormessage?r->errormessage:"",
755 r->referral?r->referral:"");
756
757 return NT_STATUS_LDAP(r->resultcode);
758 }
759
760 /*
761 return error string representing the last error
762 */
763 _PUBLIC_ const char *ldap_errstr(struct ldap_connection *conn,
764 TALLOC_CTX *mem_ctx,
765 NTSTATUS status)
766 {
767 if (NT_STATUS_IS_LDAP(status) && conn->last_error != NULL) {
768 return talloc_strdup(mem_ctx, conn->last_error);
769 }
770 return talloc_asprintf(mem_ctx, "LDAP client internal error: %s", nt_errstr(status));
771 }
772
773
774 /*
775 return the Nth result message, waiting if necessary
776 */
777 _PUBLIC_ NTSTATUS ldap_result_n(struct ldap_request *req, int n, struct ldap_message **msg)
778 {
779 *msg = NULL;
780
781 NT_STATUS_HAVE_NO_MEMORY(req);
782
783 while (req->state < LDAP_REQUEST_DONE && n >= req->num_replies) {
784 if (tevent_loop_once(req->conn->event.event_ctx) != 0) {
785 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
786 }
787 }
788
789 if (n < req->num_replies) {
790 *msg = req->replies[n];
791 return NT_STATUS_OK;
792 }
793
794 if (!NT_STATUS_IS_OK(req->status)) {
795 return req->status;
796 }
797
798 return NT_STATUS_NO_MORE_ENTRIES;
799 }
800
801
802 /*
803 return a single result message, checking if it is of the expected LDAP type
804 */
805 _PUBLIC_ NTSTATUS ldap_result_one(struct ldap_request *req, struct ldap_message **msg, int type)
806 {
807 NTSTATUS status;
808 status = ldap_result_n(req, 0, msg);
809 if (!NT_STATUS_IS_OK(status)) {
810 return status;
811 }
812 if ((*msg)->type != type) {
813 *msg = NULL;
814 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
815 }
816 return status;
817 }
818
819 /*
820 a simple ldap transaction, for single result requests that only need a status code
821 this relies on single valued requests having the response type == request type + 1
822 */
823 _PUBLIC_ NTSTATUS ldap_transaction(struct ldap_connection *conn, struct ldap_message *msg)
824 {
825 struct ldap_request *req = ldap_request_send(conn, msg);
826 struct ldap_message *res;
827 NTSTATUS status;
828 status = ldap_result_n(req, 0, &res);
829 if (!NT_STATUS_IS_OK(status)) {
830 talloc_free(req);
831 return status;
832 }
833 if (res->type != msg->type + 1) {
834 talloc_free(req);
835 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
836 }
837 status = ldap_check_response(conn, &res->r.GeneralResult);
838 talloc_free(req);
839 return status;
840 }